User:Buidhe paid/sandbox2

A web application (or web app) is application software that is accessed using a web browser.

Compared to downloaded applications, web applications are quicker to deploy and update because they can be accessed via a URL link. Additionally, they are compatible with a wider range of hardware and operating systems than other applications, and are often cheaper to develop. However, web applications often need an internet connection to work and have more limited functionality compared to native applications.

JavaScript was invented in 1995, enabling interactive web pages. Over time web application architecture has become more complex, with most featuring both a client and at least one server-side code base. Many technologies are used to build web applications, including JavaScript, Representational State Transfer (REST)—an interface for separating the client and server side of the application—and database software such as SQL to manage data regarding different users.

Web applications are vulnerable to various types of cyberattacks; defenses against malicious actors are incorporated into many. Web applications can be analyzed using functionality built into many popular web browsers, and third-party analytics are also available.

History
In 1995, Netscape introduced a client-side scripting language called JavaScript, allowing programmers to add some dynamic elements to the user interface that ran on the client side. Instead of sending data to the server in order to generate an entire web page, the embedded scripts of the downloaded page can perform tasks such as input validation and showing or hiding parts of the page. Before 2010, many web applications were developed to make the server generate a page in HTML, JavaScript, and CSS that was sent to the client. To update, the client would send another request that was returned via HTTP.

The invention of Ajax (asynchronous JavaScript and XML) in 1999 enabled network requests to be sent using JavaScript without reloading the page. This has resulted in many web applications being structured as multiple separate applications (for the client and one or multiple servers) that communicate via network protocol. The client-side software is more similar to a standard desktop application than to older web applications: it only needs to be loaded once, instead of on each update, and can make requests to multiple servers for data.

Technologies
, it is common for web applications to use the following technologies:
 * Representational State Transfer (REST) API is an interface for separating client and server side of applications while harmonizing the interface for scalability and simplicity. These APIs do not store information from prior sessions (i.e. are stateless) and are designed to exploit web caching for improved performance. REST is usually preferred to the earlier Simple Object Access Protocol (SOAP) because of better caching and because its statelessness results in lower memory usage, making it more scalable.
 * JavaScript Object Notation (JSON) is the transit data format used by most REST APIs. XML is an earlier data format used by SOAP, but it is less human-readable than JSON.
 * JavaScript is the only programming language allowed in client-side software loaded into a web browser. Server-side software may be in any programming language.
 * A single-page application (SPA) framework such as React, Vue, EmberJS, AngularJS. SPAs generate the document object model (DOM) on the webpage, which organizes the XML code that ultimately displays the content to the user. Older software used a mixture of scripts and reused HTML, but SPA frameworks have more scalability and capacity to deliver dynamic applications.
 * A system for authentication (identification of users) and authorization (determination of which resources each user should have access to). These systems distinguish different users, deliver personalized content, and keep each user's data private from each other. Basic access authentication using base64 encoding is still widely used even though it is relatively easy for a hacker to obtain a user's access credentials. Digest authentication—which stores passwords using cryptographic hashes—and other newer methods are preferred for increased security. OAuth is convenient for users because it allows them to reuse their login from another website (such as Facebook), but this approach increases the consequences if their initial login is compromised.
 * At least one web server, which most commonly is running a Linux operating system. Web server software packages are used as an additional abstraction layer to reduce the complexity of applications. Apache is a popular open-source option, while NginX is proprietary and is popular for high-volume applications because of a lower per-connection overhead.
 * Most web applications need a least one server-side database software to manage the persistent storage on disk of user data that is carried over from session to session. Many databases are SQL based, such as MySQL, which provide greater efficiency at the cost of less flexibility. MongoDB and other non-SQL alternatives store data in documents that are not so strictly organized.
 * Historically, local storage on the user's machine that persists after a user closes the tab or logs out has been minimized because of compatibility and other technical limitations. Newer web applications are more likely to store significant data on the user's machine. The most common is called "local storage" which is managed by web browsers and strictly separated so each web application cannot access another's data. IndexDB is another storage system, that unlike local storage can be queried. IndexDB is commonly used for more complex and interactive applications, such as browser games and image editors.

Types
The simplest type of web application is static and delivered to the client without any modifications. Dynamic web applications generate code interactively for a specific client via client and server side software. Single-page applications are dynamically altered instead of rewritten for increased performance. Progressive web applications are an innovation that function like a mobile app, but are delivered via a web browser. Advantages of progressive web apps over traditional mobile apps are that they are portable across many different operating systems, require less persistent storage on the device, and are still accessible without an internet connection.

Structure
Most web applications are split into client and server domains, and often there are multiple server-side domains.

Traditional PC applications are typically single-tiered, residing solely on the client machine. In contrast, web applications inherently facilitate a multi-tiered architecture. Though many variations are possible, the most common structure is the three-tiered application. In its most common form, the three tiers are called presentation, application and storage. A web browser is the first tier (presentation), an engine using some dynamic Web content technology (such as ASP, CGI, ColdFusion, Dart, JSP/Java, Node.js, PHP, Python or Ruby on Rails) is the middle tier (application logic), and a database is the third tier (storage). The web browser sends requests to the middle tier, which services them by making queries and updates against the database and generates a user interface.

For more complex applications, a 3-tier solution may fall short, and it may be beneficial to use an n-tiered approach, where the greatest benefit is breaking the business logic, which resides on the application tier, into a more fine-grained model. Another benefit may be adding an integration tier that separates the data tier from the rest of tiers by providing an easy-to-use interface to access the data. For example, the client data would be accessed by calling a "list_clients" function instead of making an SQL query directly against the client table on the database. This allows the underlying database to be replaced without making any change to the other tiers.

There are some who view a web application as a two-tier architecture. This can be a "smart" client that performs all the work and queries a "dumb" server, or a "dumb" client that relies on a "smart" server. The client would handle the presentation tier, the server would have the database (storage tier), and the business logic (application tier) would be on one of them or on both. While this increases the scalability of the applications and separates the display and the database, it still does not allow for true specialization of layers, so most applications will outgrow this model.

Security
, the number of security breaches via web applications continues to increase. Most of these breaches aim to secure data relating to economic interests. Cyberattacks are carried out through a variety of methods and attack any available target, ranging from hardware to software. One popular type of attacks directed at web applications is code injection via malicious text input; developers often implement input checking to deter such attacks. Most databases are prone to code injection attacks but these are most common for SQL as it is the most popular format. Another type of attack exploits bugs in the session management that many applications run over HTTP, which does not allow saving user data between requests. Because most applications rely on dependencies, which are usually not scrutinized as much as custom-written code, the dependencies or the linkage between them and the in-house code can be the source of vulnerabilities. On the other hand, reinventing code can lead to its own security pitfalls if the new code is not as secure as the alternative.

To build a secure application, developers make security a priority during and after the development of the application's functionality. An application is only as secure as its weakest link and needs a secure architecture at all levels of its functionality. Only limited security improvements can be made if the underlying features were not developed with security in mind. Developers will often test the software for vulnerabilities, conducting security audits, vulnerability assessments, and penetration tests (deliberate attempted cyberattack). Testing is followed by rewriting the software to close the identified vulnerabilities. Most security features will have trade-offs, for example increasing the cost of development or reducing the application's usability.

Development
Compared to other types of applications that are downloaded rather than viewed in a browser, web applications are quicker to deploy and update because they can be accessed via a URL link. Additionally, they are compatible with a wider range of hardware and operating systems than other applications, and are often cheaper to develop. However, web applications often need an internet connection to work and have more limited functionality compared to native applications.

Web development is often separated into front-end or client-side (the part of the application immediately viewable by the end user) and back-end (the part that is not immediately accessible, such as supporting databases). For client-side development, some of the most important technologies to understand are HTML, CSS, and JavaScript.

Like other software, web applications are often developed using a software-oriented text editor or integrated development environment (IDE) and version control software, such as git. Web application frameworks are software libraries designed to speed up development of web applications. The model–view–controller software design pattern, originally invented for use with graphical user interfaces (GUIs) on computers, has been repurposed for web applications. The benefit of this model is that it separates the part of the software controlling the overall application from that which is displaying content to the user or taking commands.

The optimization of performance for cloud computing-based web applications is an ongoing area of research. Existing techniques for reducing response time include improving caching and prefetching with more accurate predictions of what content the user will want next. Reducing power consumption on the client side is a particular focus for web applications viewed from mobile devices. Testing web applications can be more difficult than other applications due to the wide range of hardware and operating systems on which they are expected to function. Nevertheless, there are a variety of tools available for testing web applications and finding faults.

Analysis
Web applications can be analyzed using functionality built into many popular web browsers. Third party tools with even more analytical power are also available. Analysis tools are useful in hacking and security testing, but also in performance improvement.